{"id":20165985,"url":"https://github.com/luizgh/avc_nips_2018","last_synced_at":"2025-04-10T01:20:27.920Z","repository":{"id":70616190,"uuid":"156722797","full_name":"luizgh/avc_nips_2018","owner":"luizgh","description":"Code to reproduce the attacks and defenses for the entries \"JeromeR\" in the NIPS 2018 Adversarial Vision Challenge","archived":false,"fork":false,"pushed_at":"2019-05-01T16:02:30.000Z","size":35,"stargazers_count":19,"open_issues_count":0,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-24T03:01:40.951Z","etag":null,"topics":["adversarial-examples","machine-learning"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/luizgh.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-08T14:55:01.000Z","updated_at":"2022-09-16T11:16:03.000Z","dependencies_parsed_at":"2023-03-17T07:45:48.748Z","dependency_job_id":null,"html_url":"https://github.com/luizgh/avc_nips_2018","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luizgh%2Favc_nips_2018","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luizgh%2Favc_nips_2018/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luizgh%2Favc_nips_2018/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luizgh%2Favc_nips_2018/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/luizgh","download_url":"https://codeload.github.com/luizgh/avc_nips_2018/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248138095,"owners_count":21053809,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adversarial-examples","machine-learning"],"created_at":"2024-11-14T00:42:11.116Z","updated_at":"2025-04-10T01:20:27.910Z","avatar_url":"https://github.com/luizgh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"NIPS 2018 Adversarial Vision Challenge\n======================================\n\nCode to reproduce the attacks and defenses for the entries \"JeromeR\" in the `NIPS 2018 Adversarial Vision Challenge`_ (1st place on Untargeted attacks, 3rd place on Robust models and Targeted attacks)\n\nTeam name: LIVIA - ETS Montreal\n\nTeam members: `Jérôme Rony`_, Luiz Gustavo Hafemann\n\nOverview\n========\n\n**Defense**: We trained a robust model with a new iterative gradient-based L2 attack that we propose \n(Decoupled Direction and Norm — DDN), that is fast enough to be used during training. \nIn each training step, we find an adversarial example (using DDN) that is close to the decision \nboundary, and minimize the cross-entropy of this example. There is no change to the model architecture, \nnor any impact on inference time.\n\n**Attacks**: Our attack is based on a collection of surrogate models (including robust models trained with DDN). \nFor each model, we select two directions to attack: the gradient of the cross entropy loss for \nthe original class, and the direction given by running the DDN attack. For each direction, we do a \nbinary search on the norm to find the decision boundary. We take the best attack and refine it with a Boundary attack.\n\nFor more information on the DDN attack, refer to the paper_, and implementation_:\n\n.. [1] Jérôme Rony, Luiz G. Hafemann, Luiz S. Oliveira, Ismail Ben Ayed, Robert Sabourin and  Eric Granger \"Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses\", arXiv:1811.09600\n\n\n.. _NIPS 2018 Adversarial Vision Challenge: https://www.crowdai.org/challenges/nips-2018-adversarial-vision-challenge\n.. _Jérôme Rony: http://github.com/jeromerony/\n.. _paper: https://arxiv.org/abs/1811.09600\n.. _implementation: https://github.com/jeromerony/fast_adversarial\n.. _TinyImagenet: https://drive.google.com/open?id=1pvefHKnFqtyN8vfg5ScF6jwMCP8PNWSj\n.. _resnet18_clean: https://drive.google.com/open?id=1UCRo_4gQThr58v1qPGVh5YuFlxIOSsPz\n.. _resnext50_ddn: https://drive.google.com/open?id=1J6YBHEtTRF1Bq1jpjSJzpk-ifGStfua9\n.. _resnext50_32x4d: https://drive.google.com/open?id=1DAsFkKHFhMkAppp-L4nNN_QEcJkEwYq8\n\nInstallation\n============\n\nClone this repository and install the dependencies by running ``pip install -r requirements.txt``\n\nDownload the TinyImagenet_ dataset and extract it:\n\n.. code-block:: bash\n\n    tar xvf tiny-imagenet-pytorch.tar.gz -C data\n\nOptional: download trained models: resnext50_ddn_ (our robust model), resnet18_clean_ (not adversarially trained).\n\nTraining a model\n================\n\nAdversarially train a model (using the DDN attack) starting from an imagenet-pretrained resnext50_32x4d_ :\n\n.. code-block:: bash\n\n    python train_tiny_imagenet_ddn.py data --sf tiny_ddn --adv --max-norm 1 --arch resnext50_32x4d --pretrained\n\n\nFor monitoring training, you can start a visdom server, and then add the argument ``--visdom-port \u003cport\u003e`` to the\ncommand above:\n\n.. code-block:: bash\n\n    python -m visdom.server -port \u003cport\u003e\n\n\nRunning the attack\n==================\n\nSee \"attack_example.py\" for an example of the attack. If you downloaded the models from the Installation_ section,\nyou can run the following code:\n\n.. code-block:: bash\n\n    python attack_example.py --m resnet18_clean.pt --sm resnext50_32x4d_ddn.pt\n\nThis will create an attack against a resnet18 model, using an adversarially trained surrogate model.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluizgh%2Favc_nips_2018","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluizgh%2Favc_nips_2018","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluizgh%2Favc_nips_2018/lists"}